Slow internet and problems loading pages
08-02-2010, 18:51
Post: #1
Slow internet and problems loading pages
Hello,

I am having problems with my internet connection; it is slow and gives problems when connecting to the server.
This has been going on for a few days.
I have Windows XP Prof and ESET NOD32 Antivirus, and I ran a scan with Malwarebytes and BitDefender and found nothing.
Can anyone perhaps see something strange in my HijackThis log?
Regards, mel

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:57, on 8-2-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KatMouse\KatMouse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mandy\Mijn documenten\setups\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europe.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: KatMouse.lnk = C:\Program Files\KatMouse\KatMouse.exe
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...4326429703
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com...nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7311 bytes
08-02-2010, 20:21
Post: #2
RE: Slow internet and problems loading pages
I don't see anything strange in your log.
Please do the following:

Some CD emulators can make interpreting the logs more difficult.
We will therefore disable them temporarily.
  • Download Defogger and place it on your desktop: http://www.jpshortstuff.247fixes.com/Defogger.exe
    Double-click Defogger.exe to start the tool.
    In the window that appears, click the "Disable" button.
    In the next window, click Ja (Yes) to continue.
    Wait until you get the 'Finished' message and click "Ok" in that window.
    If DeFogger asks to restart the computer, do so.
    If you get an error message when using Defogger, look on the desktop (or in the folder from which you started Defogger) for the file defogger_disable and post the contents of that file.
    You can re-enable CD emulator software with Defogger by starting the tool and clicking the "Re-enable" button.
    Only do this once we are completely finished with the analysis of the computer.

We are going to analyse your computer, and we will use the tool DDS for this.
This is a diagnostic tool and it uses scripts. If script execution is disabled, re-enable it so that no problems occur when using DDS.
  • Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:
    DDS - Techsupport download.
    DDS - Bleeping download.
    DDS - Forospyware Download.
    Double-click DDS to start the tool. (Depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

We are also going to check whether rootkits are active on the computer. We use Gmer for this.
  • Download the Gmer rootkit scanner: http://www2.gmer.net/download.php
    Place it on your desktop.
    The file you download consists of a randomly chosen combination of digits and letters (e.g. jqb1jln3.exe or ubmp5cd5.exe, always a combination of 8 digits and letters).
    Double-click this file to start Gmer.
    If you get a message that rootkits are active and you are asked to run a scan, do not allow this.
    First adjust the settings as described below.
    On the right-hand side there are a number of options that you can tick or untick. By default everything is ticked.
    Untick the following items:
    - Sections
    - IAT/EAT
    Files must be ticked, but make sure that only the system partition is ticked here. (The system partition is the partition on which Windows is installed.)
    Remove the tick from "show all" (this must not be ticked!).
    Now click the "Scan" button to start the rootkit scan with Gmer.
    When the scan is finished, click the "Save" button and save the log to your desktop as gmerscan.txt.
    (If you click the "Copy" button, the complete log report is copied to the clipboard and you can paste it into your next post with CTRL+V.)
    To close Gmer, click the "Cancel" button.

Please post the following logs:
  • the log made with DDS: DDS.txt
  • the log made with Gmer: gmerscan.txt
  • NOTE: Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post unless I ask for it.

08-02-2010, 21:59
Post: #3
RE: Slow internet and problems loading pages
I have done what you said above, only running the last scan takes quite a lot of time.
When this scan is finished, I will post the requested logs here.

Regards, mel
09-02-2010, 08:42
Post: #4
RE: Slow internet and problems loading pages
Here are the logs:


DDS (Ver_09-12-01.01) - NTFSx86
Run by mandy at 19:37:27,29 on ma 08-02-2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1535.1008 [GMT 1:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KatMouse\KatMouse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\mandy\Bureaublad\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.europe.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\mandy\menust~1\progra~1\opstar~1\katmouse.lnk - c:\program files\katmouse\KatMouse.exe
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224326429703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash5r42.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mandy\applic~1\mozilla\firefox\profiles\lerhlyg8.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://europe.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\mandy\application data\mozilla\firefox\profiles\lerhlyg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\documents and settings\mandy\application data\mozilla\firefox\profiles\lerhlyg8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\mandy\application data\mozilla\firefox\profiles\lerhlyg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\mandy\application data\mozilla\firefox\profiles\lerhlyg8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-11 96408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
S2 XPROTECTOR;XPROTECTOR;c:\windows\system32\drivers\Xprotector.sys [2009-10-18 42848]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2009-9-12 1527900]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-9-13 272128]
S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2009-9-6 544768]

=============== Created Last 30 ================

2010-02-08 18:28:10 20 ----a-w- c:\documents and settings\mandy\defogger_reenable
2010-02-08 09:04:08 0 d-----w- c:\docume~1\mandy\applic~1\QuickScan
2010-02-05 21:13:59 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-02-05 21:13:55 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-02-05 21:13:55 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-02-05 21:13:52 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-02-05 21:10:15 0 d-----w- c:\docume~1\mandy\applic~1\Peace Craft
2010-01-31 12:38:38 0 d-----w- c:\program files\common files\Symantec Shared
2010-01-31 12:27:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-01-31 12:27:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-01-31 12:27:08 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-01-28 08:03:34 0 d-----w- c:\docume~1\mandy\applic~1\Get Mail
2010-01-28 08:03:15 0 d-----w- c:\program files\GetMail
2010-01-22 14:51:51 22 ----a-w- c:\windows\popcinfot.dat
2010-01-20 09:57:24 0 d-----w- c:\docume~1\alluse~1\applic~1\Runic
2010-01-20 09:46:58 0 d--h--r- c:\documents and settings\mandy\Onlangs geopend
2010-01-20 09:04:07 0 d-----w- c:\program files\CCleaner
2010-01-19 13:28:50 645711 ----a-w- C:\beveiliging.pdf
2010-01-19 09:18:53 0 d-----w- c:\program files\common files\Bcgsoft
2010-01-19 09:18:33 0 d-----w- c:\documents and settings\all users\Bureaublad
2010-01-19 09:18:07 0 d-----w- c:\program files\Picture Collage Maker
2010-01-18 06:55:57 0 d-----w- c:\docume~1\mandy\applic~1\Softland
2010-01-18 06:55:38 7549 ----a-w- c:\windows\system32\dopdf7.ctm
2010-01-18 06:55:38 21704 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-01-18 06:55:38 18632 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-01-18 06:55:37 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-01-18 06:55:34 0 d-----w- c:\program files\doPDF 7
2010-01-13 06:32:48 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-07 15:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 12:36:50 13896 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-12-29 11:54:46 3532 ---ha-w- C:\drmHeader.bin
2009-12-22 05:21:10 670208 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20:58 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-14 21:33:06 1024 ----a-w- c:\docume~1\alluse~1\applic~1\imgppt2.dll
2009-12-10 18:27:48 81920 ------r- c:\windows\bwUnin-6.1.4.36-8876480L.exe
2009-12-10 10:42:33 87068 ----a-w- c:\windows\system32\perfc013.dat
2009-12-10 10:42:33 501868 ----a-w- c:\windows\system32\perfh013.dat
2009-11-15 13:21:18 1024 ----a-w- c:\docume~1\alluse~1\applic~1\imgdoc2.dll

============= FINISH: 19:38:28,48 ===============






GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-09 07:42:46
Windows 5.1.2600 Service Pack 3
Running: odhg6v7j.exe; Driver: C:\DOCUME~1\mandy\LOCALS~1\Temp\fxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT 890C58A0 ZwAssignProcessToJobObject
SSDT 890C4CB0 ZwOpenProcess
SSDT 890C50D0 ZwOpenThread
SSDT 890C56D0 ZwSuspendProcess
SSDT 890C54F0 ZwSuspendThread
SSDT 890C4EE0 ZwTerminateProcess
SSDT 890C5310 ZwTerminateThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device ACPI.sys (ACPI-stuurprogramma voor NT/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:388] 890C3930

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x08 0x12 0x12 0xFC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA4 0xE5 0x8D 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x37 0x9F 0x68 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x08 0x12 0x12 0xFC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA4 0xE5 0x8D 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x37 0x9F 0x68 0x9C ...

---- EOF - GMER 1.0.15 ----
09-02-2010, 09:18
Post: #5
RE: Slow internet and problems loading pages
P.S.
I saw the following line in the logs:


FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv


and I am also wondering how I can get rid of this.
I asked this question here last month too and finally got rid of it, but quickly had it back again, very annoying..

Regards, mel
09-02-2010, 19:46
Post: #6
RE: Slow internet and problems loading pages
Download combofix.exe from this site: http://www.bleepingcomputer.com/combofix...-te-worden .
If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
Once the Recovery Console is installed, let ComboFix scan the computer.
When ComboFix starts, you may get an error message that the "contents of the ComboFix package has been compromised".
Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
If you get this message, report it.
When ComboFix has finished scanning, which may be after a reboot, a log file opens (combofix.txt).
Post the contents of this file together with a new HijackThis log.

09-02-2010, 20:41
Post: #7
RE: Slow internet and problems loading pages
Before I run ComboFix, I wanted to mention what has happened to me several times today.
When I log in to my Live Mail/Hotmail, enter my e-mail address and password and then click sign in, everything I entered disappears and the screen shows: password required.
When I try to log in a second time the same thing happens, and only the third time does it log in.
I am certain that the password is correct, and otherwise it would have said: password incorrect.
When it opens, it goes to the "Sent" folder by itself.
I don't entirely trust this... or am I seeing ghosts?
I do use a router for my WLAN, but I have secured it with a password.

I will now go and run ComboFix.

Regards, mel
09-02-2010, 21:12
Post: #8
RE: Slow internet and problems loading pages
ComboFix 10-02-08.09 - mandy 09-02-2010 19:49:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1535.945 [GMT 1:00]
Gestart vanuit: c:\documents and settings\mandy\Bureaublad\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\mandy\Application Data\Desktopicon
c:\windows\system32\drivers\Xprotector.sys
c:\windows\system32\reboot.txt
L:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_XPROTECTOR


(((((((((((((((((((( Bestanden Gemaakt van 2010-01-09 to 2010-02-09 ))))))))))))))))))))))))))))))
.

2010-02-08 09:04 . 2010-02-08 09:05 -------- d-----w- c:\documents and settings\mandy\Application Data\QuickScan
2010-02-05 21:13 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-02-05 21:13 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-02-05 21:13 . 2008-07-10 10:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-02-05 21:13 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-02-05 21:10 . 2010-02-05 21:10 -------- d-----w- c:\documents and settings\mandy\Application Data\Peace Craft
2010-02-04 07:27 . 2010-02-04 07:27 -------- d-----w- c:\documents and settings\mandy\Local Settings\Application Data\VS Revo Group
2010-01-31 12:38 . 2010-01-31 21:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-31 12:27 . 2010-01-31 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-31 12:27 . 2010-01-31 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-31 12:27 . 2010-01-31 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-28 08:03 . 2010-01-28 08:03 -------- d-----w- c:\documents and settings\mandy\Application Data\Get Mail
2010-01-28 08:03 . 2010-01-28 08:12 -------- d-----w- c:\program files\GetMail
2010-01-22 14:51 . 2010-02-09 17:20 22 ----a-w- c:\windows\popcinfot.dat
2010-01-20 09:57 . 2010-01-20 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Runic
2010-01-20 09:46 . 2010-02-09 12:11 -------- d--h--r- c:\documents and settings\mandy\Onlangs geopend
2010-01-20 09:41 . 2010-01-20 09:41 -------- d-----w- c:\documents and settings\mandy\Application Data\InstallShield
2010-01-20 09:04 . 2010-01-20 09:04 -------- d-----w- c:\program files\CCleaner
2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\program files\Common Files\Bcgsoft
2010-01-19 09:18 . 2010-02-08 07:41 -------- d-----w- c:\documents and settings\All Users\Bureaublad
2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\program files\Picture Collage Maker
2010-01-18 06:55 . 2010-01-18 06:55 -------- d-----w- c:\documents and settings\mandy\Application Data\Softland
2010-01-18 06:55 . 2010-01-18 06:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2010-01-18 06:55 . 2010-01-05 15:24 21704 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-01-18 06:55 . 2010-01-05 15:24 18632 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-01-18 06:55 . 2005-03-29 03:20 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-01-18 06:55 . 2010-01-18 06:55 -------- d-----w- c:\program files\doPDF 7
2010-01-13 06:32 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 17:40 . 2008-10-18 11:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-08 17:39 . 2008-10-18 11:30 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-07 18:04 . 2008-12-07 11:44 -------- d-----w- c:\documents and settings\mandy\Application Data\Zylom
2010-02-07 18:03 . 2008-12-06 19:09 -------- d-----w- c:\program files\Zylom Games
2010-02-01 21:55 . 2008-12-07 13:38 97 ----a-w- c:\windows\popcinfo.dat
2010-01-28 06:10 . 2008-10-17 23:21 127208 ----a-w- c:\documents and settings\mandy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 20:56 . 2008-10-28 15:21 -------- d-----w- c:\documents and settings\mandy\Application Data\Azureus
2010-01-27 18:32 . 2008-10-27 11:27 -------- d-----w- c:\program files\eMule
2010-01-27 16:39 . 2008-10-28 15:20 -------- d-----w- c:\program files\Vuze
2010-01-27 12:55 . 2008-10-30 10:06 -------- d-----w- c:\program files\games
2010-01-26 08:43 . 2008-11-07 13:35 -------- d-----w- c:\documents and settings\mandy\Application Data\Atari
2010-01-25 08:34 . 2008-11-28 18:54 -------- d-----w- c:\documents and settings\mandy\Application Data\Belastingdienst
2010-01-22 06:25 . 2009-11-25 16:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 22:32 . 2009-01-13 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-21 22:23 . 2009-01-13 10:53 -------- d-----w- c:\program files\Microsoft Works
2010-01-20 17:06 . 2009-02-13 16:50 40 ----a-w- c:\windows\RSoftInfo.dat
2010-01-20 09:46 . 2008-10-19 15:30 -------- d-----w- c:\program files\ReflexiveArcade
2010-01-20 09:42 . 2008-10-18 10:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-20 09:17 . 2009-04-19 19:13 -------- d-----w- c:\documents and settings\mandy\Application Data\DeepBurner
2010-01-20 09:17 . 2008-11-13 10:05 -------- d-----w- c:\documents and settings\mandy\Application Data\zweitgeist
2010-01-20 09:17 . 2008-10-18 13:51 -------- d-----w- c:\program files\IncrediMail
2010-01-17 00:20 . 2008-10-19 14:26 -------- d-----w- c:\program files\PowerDVD
2010-01-11 16:33 . 2010-02-08 09:03 789320 ----a-w- c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-01-11 16:32 . 2010-02-08 09:03 698184 ----a-w- c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-01-10 23:25 . 2009-08-30 17:22 1010168 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-10 15:44 . 2009-01-04 17:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-07 15:07 . 2008-10-18 11:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-10-18 11:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 11:08 . 2010-01-12 08:17 4726272 ----a-w- c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
2010-01-06 11:08 . 2010-01-12 08:17 103424 ----a-w- c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-06 11:08 . 2010-01-12 08:17 545280 ----a-w- c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2010-01-06 11:08 . 2010-01-12 08:17 4725760 ----a-w- c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
2010-01-06 11:08 . 2010-01-12 08:17 57856 ----a-w- c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2010-01-06 11:08 . 2010-01-12 08:17 153600 ----a-w- c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2010-01-06 11:08 . 2010-01-12 08:17 344064 ----a-w- c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2010-01-03 12:36 . 2009-12-04 07:25 13896 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-03 12:36 . 2009-12-04 07:24 -------- d-----w- c:\program files\Hitman Pro 3.5
2009-12-29 11:54 . 2009-12-29 11:54 3532 ---ha-w- C:\drmHeader.bin
2009-12-27 13:21 . 2009-12-27 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-27 13:21 . 2009-01-06 12:39 -------- d-----w- c:\program files\IObit
2009-12-22 05:21 . 2001-09-07 12:00 670208 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2008-10-17 23:15 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-14 21:33 . 2009-12-14 21:32 1024 ----a-w- c:\documents and settings\All Users\Application Data\imgppt2.dll
2009-12-14 21:33 . 2009-12-14 21:32 1024 ----a-w- c:\documents and settings\All Users\Application Data\imgppt2.dll
2009-12-14 21:28 . 2009-12-14 21:28 -------- d-----w- c:\program files\PDF-Convert
2009-12-10 18:27 . 2009-12-10 18:27 81920 ------r- c:\windows\bwUnin-6.1.4.36-8876480L.exe
2009-12-10 10:42 . 2001-09-07 12:00 87068 ----a-w- c:\windows\system32\perfc013.dat
2009-12-10 10:42 . 2001-09-07 12:00 501868 ----a-w- c:\windows\system32\perfh013.dat
2009-11-15 13:21 . 2009-11-15 13:21 1024 ----a-w- c:\documents and settings\All Users\Application Data\imgdoc2.dll
2009-11-15 13:21 . 2009-11-15 13:21 1024 ----a-w- c:\documents and settings\All Users\Application Data\imgdoc2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\mandy\Menu Start\Programma's\Opstarten\
KatMouse.lnk - c:\program files\KatMouse\KatMouse.exe [2005-9-24 50176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 2000 Series.lnk]
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^officejet 6100.lnk]
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^mandy^Menu Start^Programma's^Opstarten^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2008-08-08 08:38 26112 ------w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:02 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDBitSet]
2003-07-18 18:00 188416 ------w- c:\program files\HP DVD\Umbrella\DVDBitSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
2003-07-23 17:41 65536 ------w- c:\program files\HP DVD\Umbrella\DVDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
2005-07-26 13:12 4771840 ----a-w- c:\program files\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2009-02-25 11:23 251264 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 17:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 17:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 16:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-06-23 10:37 745472 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 14:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2009-01-06 10:42 202064 ----a-w- c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2008-04-04 10:38 88584 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-10-28 15:16 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-14 16:28 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\games\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\CIMSVR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 7:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 7:24 735960]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [12-9-2009 17:44 1527900]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13-9-2009 14:25 272128]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [6-9-2009 17:02 544768]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30-10-2008 10:39 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map

2010-02-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.europe.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
FF - ProfilePath - c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://europe.google.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - component: c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\lerhlyg8.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-IObit Security 360 - c:\program files\IObit\IObit Security 360\IS360tray.exe
MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
AddRemove-TRDemo.exe - c:\program files\games\trophy rivers demo\SIERRA\TRDemo\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 20:01
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2352)
c:\program files\KatMouse\KatMouseS.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Voltooingstijd: 2010-02-09 20:11:55 - machine werd herstart
ComboFix-quarantined-files.txt 2010-02-09 19:11

Pre-Run: 40.177.455.104 bytes beschikbaar
Post-Run: 40.208.334.848 bytes beschikbaar

- - End Of File - - ADCEDEA966C89B088DBF81D79D0F68FC



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15:30, on 9-2-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\KatMouse\KatMouse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mandy\Mijn documenten\setups\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.europe.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: KatMouse.lnk = C:\Program Files\KatMouse\KatMouse.exe
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...4326429703
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com...nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7238 bytes
09-02-2010, 23:20
Post: #9
RE: slow internet and problems loading pages
Now please give an update on the problems.

10-02-2010, 01:00
Post: #10
RE: slow internet and problems loading pages
For example, I get the following message; this one happens to be from Hyves, but it could just as well have been another site.

Server not found
Firefox can't find the server at secure.hyves.org.

* Check the address for typing errors such as
ww.voorbeeld.com instead of
http://www.voorbeeld.com

* Check your network connection if you are unable to load any
pages.

* If your computer or network is protected by a firewall or proxy server,
make sure that Firefox is permitted to access the web.

Otherwise the internet seems to work faster, but the download speed isn't going up.
I think I'll have to look to the provider for that problem.
I haven't run into the other problems again so far.

I do get a message from ESET that my system needs to be updated via Windows.
There are 27 updates waiting.
I now also have an IE on my desktop.

Was there anything to see in the logs?
Regards, Mel

The internet seems to be working faster
10-02-2010, 08:05
Post: #11
RE: slow internet and problems loading pages
Download and install all essential updates that are available.
Then report back with a new HijackThis log.

10-02-2010, 09:25
Post: #12
RE: slow internet and problems loading pages
Good morning,

and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:10, on 10-2-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KatMouse\KatMouse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\mandy\Mijn documenten\setups\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://europe.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: KatMouse.lnk = C:\Program Files\KatMouse\KatMouse.exe
O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsu...4326429703
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com...nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7250 bytes
10-02-2010, 16:26
Post: #13
RE: slow internet and problems loading pages
Hello,

The same problems again today... problems loading pages every time.
I get the impression that it's down to Firefox, so I've temporarily gone back to using IE, even though I prefer Firefox.
I updated IE to 8 because I was still using 6.
With my Hotmail, the same strange behaviour again:
------------------------------------------------------------------
Sign in
Error symbol Password is required.

Windows Live ID:

Password:
Forgot your password?

Remember my Windows Live ID on this computer (?)
Remember my password (?)
Sign in with standard security
----------------------------------------------------------------------------------------------
It shows this twice in a row every time... the third time, it does log in.
10-02-2010, 17:27
Post: #14
RE: slow internet and problems loading pages
Uninstall Firefox.
Restart the computer.
Delete these folders:
c:\program files\Mozilla Firefox
c:\documents and settings\mandy\Application Data\Mozilla

Restart the computer.
Reinstall Firefox.

10-02-2010, 20:53
Post: #15
RE: slow internet and problems loading pages
I have done the above.
Logging in to my Hotmail now works fine, only when I open web pages, it doesn't open them properly.
The images are not displayed and there are crosses everywhere.
I do have updates ready for installation again.
I'll install them and restart.
Do I need to run another Hijack log?
10-02-2010, 21:40
Post: #16
RE: slow internet and problems loading pages
No, after updating, please post a new ComboFix log.

10-02-2010, 22:09
Post: #17
RE: slow internet and problems loading pages
(10-02-2010 21:40) Marckie wrote: No, after updating, please post a new ComboFix log.



ComboFix 10-02-10.01 - mandy 10-02-2010 20:51:33.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1535.947 [GMT 1:00]
Gestart vanuit: c:\documents and settings\mandy\Bureaublad\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

(((((((((((((((((((( Bestanden Gemaakt van 2010-01-10 to 2010-02-10 ))))))))))))))))))))))))))))))
.

2010-02-10 16:11 . 2010-02-10 18:59 -------- d--h--r- c:\documents and settings\mandy\Onlangs geopend
2010-02-10 12:49 . 2010-02-10 12:49 -------- d-sh--w- c:\windows\PrivacIE
2010-02-10 12:41 . 2010-02-10 12:41 -------- d-sh--w- c:\windows\IETldCache
2010-02-10 12:33 . 2010-02-10 12:33 -------- d-----w- c:\windows\ie8updates
2010-02-10 12:27 . 2010-02-10 12:29 -------- dc-h--w- c:\windows\ie8
2010-02-10 12:10 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-10 12:09 . 2009-12-21 19:10 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-10 12:09 . 2009-12-21 19:10 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-10 12:09 . 2009-12-21 19:10 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-10 12:09 . 2009-12-21 19:10 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-10 12:09 . 2009-12-21 19:10 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-10 12:09 . 2009-12-21 19:10 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-08 09:04 . 2010-02-08 09:05 -------- d-----w- c:\documents and settings\mandy\Application Data\QuickScan
2010-02-05 21:13 . 2008-07-31 09:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2010-02-05 21:13 . 2008-07-10 10:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-02-05 21:13 . 2008-07-10 10:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-02-05 21:13 . 2008-07-10 10:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-02-05 21:10 . 2010-02-05 21:10 -------- d-----w- c:\documents and settings\mandy\Application Data\Peace Craft
2010-02-04 07:27 . 2010-02-04 07:27 -------- d-----w- c:\documents and settings\mandy\Local Settings\Application Data\VS Revo Group
2010-01-31 12:38 . 2010-01-31 21:07 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-31 12:27 . 2010-01-31 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-31 12:27 . 2010-01-31 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-31 12:27 . 2010-01-31 12:27 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-28 08:03 . 2010-01-28 08:03 -------- d-----w- c:\documents and settings\mandy\Application Data\Get Mail
2010-01-28 08:03 . 2010-01-28 08:12 -------- d-----w- c:\program files\GetMail
2010-01-22 14:51 . 2010-02-09 17:20 22 ----a-w- c:\windows\popcinfot.dat
2010-01-20 09:57 . 2010-01-20 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Runic
2010-01-20 09:41 . 2010-01-20 09:41 -------- d-----w- c:\documents and settings\mandy\Application Data\InstallShield
2010-01-20 09:04 . 2010-01-20 09:04 -------- d-----w- c:\program files\CCleaner
2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\program files\Common Files\Bcgsoft
2010-01-19 09:18 . 2010-02-10 18:46 -------- d-----w- c:\documents and settings\All Users\Bureaublad
2010-01-19 09:18 . 2010-01-19 09:18 -------- d-----w- c:\program files\Picture Collage Maker
2010-01-18 06:55 . 2010-01-18 06:55 -------- d-----w- c:\documents and settings\mandy\Application Data\Softland
2010-01-18 06:55 . 2010-01-18 06:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2010-01-18 06:55 . 2010-01-05 15:24 21704 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-01-18 06:55 . 2010-01-05 15:24 18632 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-01-18 06:55 . 2005-03-29 03:20 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2010-01-18 06:55 . 2010-01-18 06:55 -------- d-----w- c:\program files\doPDF 7
2010-01-13 06:32 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-10 12:41 . 2008-10-20 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-10 06:56 . 2009-01-13 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-08 17:40 . 2008-10-18 11:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-08 17:39 . 2008-10-18 11:30 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-07 18:04 . 2008-12-07 11:44 -------- d-----w- c:\documents and settings\mandy\Application Data\Zylom
2010-02-07 18:03 . 2008-12-06 19:09 -------- d-----w- c:\program files\Zylom Games
2010-02-01 21:55 . 2008-12-07 13:38 97 ----a-w- c:\windows\popcinfo.dat
2010-01-28 06:10 . 2008-10-17 23:21 127208 ----a-w- c:\documents and settings\mandy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-27 20:56 . 2008-10-28 15:21 -------- d-----w- c:\documents and settings\mandy\Application Data\Azureus
2010-01-27 18:32 . 2008-10-27 11:27 -------- d-----w- c:\program files\eMule
2010-01-27 16:39 . 2008-10-28 15:20 -------- d-----w- c:\program files\Vuze
2010-01-27 12:55 . 2008-10-30 10:06 -------- d-----w- c:\program files\games
2010-01-26 08:43 . 2008-11-07 13:35 -------- d-----w- c:\documents and settings\mandy\Application Data\Atari
2010-01-25 08:34 . 2008-11-28 18:54 -------- d-----w- c:\documents and settings\mandy\Application Data\Belastingdienst
2010-01-22 06:25 . 2009-11-25 16:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 22:23 . 2009-01-13 10:53 -------- d-----w- c:\program files\Microsoft Works
2010-01-20 17:06 . 2009-02-13 16:50 40 ----a-w- c:\windows\RSoftInfo.dat
2010-01-20 09:46 . 2008-10-19 15:30 -------- d-----w- c:\program files\ReflexiveArcade
2010-01-20 09:42 . 2008-10-18 10:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-20 09:17 . 2009-04-19 19:13 -------- d-----w- c:\documents and settings\mandy\Application Data\DeepBurner
2010-01-20 09:17 . 2008-11-13 10:05 -------- d-----w- c:\documents and settings\mandy\Application Data\zweitgeist
2010-01-20 09:17 . 2008-10-18 13:51 -------- d-----w- c:\program files\IncrediMail
2010-01-17 00:20 . 2008-10-19 14:26 -------- d-----w- c:\program files\PowerDVD
2010-01-10 23:25 . 2009-08-30 17:22 1010168 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-10 15:44 . 2009-01-04 17:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-07 15:07 . 2008-10-18 11:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2008-10-18 11:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 12:36 . 2009-12-04 07:25 13896 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-03 12:36 . 2009-12-04 07:24 -------- d-----w- c:\program files\Hitman Pro 3.5
2009-12-31 16:50 . 2001-09-07 12:00 353792 ------w- c:\windows\system32\drivers\srv.sys
2009-12-29 11:54 . 2009-12-29 11:54 3532 ---ha-w- C:\drmHeader.bin
2009-12-27 13:21 . 2009-12-27 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-27 13:21 . 2009-01-06 12:39 -------- d-----w- c:\program files\IObit
2009-12-21 19:10 . 2001-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-10-17 22:48 345600 ------w- c:\windows\system32\mspaint.exe
2009-12-14 21:33 . 2009-12-14 21:32 1024 ----a-w- c:\documents and settings\All Users\Application Data\imgppt2.dll
2009-12-14 21:33 . 2009-12-14 21:32 1024 ----a-w- c:\documents and settings\All Users\Application Data\imgppt2.dll
2009-12-14 21:28 . 2009-12-14 21:28 -------- d-----w- c:\program files\PDF-Convert
2009-12-14 07:10 . 2001-09-07 12:00 33280 ------w- c:\windows\system32\csrsrv.dll
2009-12-10 18:27 . 2009-12-10 18:27 81920 ------r- c:\windows\bwUnin-6.1.4.36-8876480L.exe
2009-12-10 10:42 . 2001-09-07 12:00 87068 ----a-w- c:\windows\system32\perfc013.dat
2009-12-10 10:42 . 2001-09-07 12:00 501868 ----a-w- c:\windows\system32\perfh013.dat
2009-12-09 10:11 . 2001-09-07 12:00 2193536 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2001-09-06 19:53 2070400 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2001-09-07 12:00 455424 ------w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2001-09-07 12:00 1295872 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2001-09-06 21:27 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:10 . 2001-09-07 12:00 85504 ------w- c:\windows\system32\avifil32.dll
2009-11-27 16:10 . 2001-09-07 12:00 28672 ------w- c:\windows\system32\msvidc32.dll
2009-11-27 16:10 . 2001-09-07 12:00 11264 ------w- c:\windows\system32\msrle32.dll
2009-11-27 16:10 . 2001-09-06 21:27 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:10 . 2001-09-06 21:26 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2001-09-07 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-15 13:21 . 2009-11-15 13:21 1024 ----a-w- c:\documents and settings\All Users\Application Data\imgdoc2.dll
2009-11-15 13:21 . 2009-11-15 13:21 1024 ----a-w- c:\documents and settings\All Users\Application Data\imgdoc2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\mandy\Menu Start\Programma's\Opstarten\
KatMouse.lnk - c:\program files\KatMouse\KatMouse.exe [2005-9-24 50176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^BlueSoleil.lnk]
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 2000 Series.lnk]
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^officejet 6100.lnk]
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^mandy^Menu Start^Programma's^Opstarten^PowerReg Scheduler.exe]
backup=c:\windows\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 16:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2008-08-08 08:38 26112 ------w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:02 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDBitSet]
2003-07-18 18:00 188416 ------w- c:\program files\HP DVD\Umbrella\DVDBitSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDTray]
2003-07-23 17:41 65536 ------w- c:\program files\HP DVD\Umbrella\DVDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
2005-07-26 13:12 4771840 ----a-w- c:\program files\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
2009-02-25 11:23 251264 ----a-w- c:\program files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 17:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 17:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 16:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2009-06-23 10:37 745472 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 14:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-11-02 08:38 167936 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
2009-01-06 10:42 202064 ----a-w- c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2008-04-04 10:38 88584 ----a-w- c:\program files\Logitech\Gaming Software\LWEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-10-28 15:16 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-11-14 16:28 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\games\\TmNationsForever\\TmForever.exe"=
"c:\\WINDOWS\\system32\\CIMSVR.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:192.168.1.0/255.255.255.0:Enabled:@xpsp2res.dll,-22002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11-9-2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11-9-2009 7:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [11-9-2009 7:24 735960]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [12-9-2009 17:44 1527900]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [13-9-2009 14:25 272128]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [6-9-2009 17:02 544768]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [30-10-2008 10:39 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map

2010-02-10 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://europe.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
FF - ProfilePath - c:\documents and settings\mandy\Application Data\Mozilla\Firefox\Profiles\q39bbnwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://europe.google.com
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 21:00
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3180)
c:\windows\system32\webcheck.dll
.
Voltooingstijd: 2010-02-10 21:05:18
ComboFix-quarantined-files.txt 2010-02-10 20:05
ComboFix2.txt 2010-02-09 19:11

Pre-Run: 39.489.060.864 bytes beschikbaar
Post-Run: 39.451.058.176 bytes beschikbaar

- - End Of File - - EA9F18D14F9CC6D21E259119CDD0BDF1
10-02-2010, 22:46 (This post was last modified on 10-02-2010 at 22:48 by Marckie.)
Post: #18
RE: slow internet and problems loading pages
Did you carry this out as instructed?

http://support.bluemedicine.be/mybb/thre...l#pid31435

I don't think so.

It is really necessary that you correctly carry out what I indicate.
Will you try again?

10-02-2010, 23:26
Post: #19
RE: slow internet and problems loading pages
I'm almost certain that I did do it that way.
Now I want to carry it out again, but I don't have the folder anywhere.
c:\program files\Mozilla Firefox

I will delete this folder and reboot.. then reinstall Firefox.
And then a log?
10-02-2010, 23:32 (This post was last modified on 10-02-2010 at 23:32 by Marckie.)
Post: #20
RE: slow internet and problems loading pages
Don't just delete it; uninstall Firefox first.
Reboot and then delete the folders I indicated.
Reboot again and then reinstall Firefox.
